analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

sample.doc

Full analysis: https://app.any.run/tasks/52997bb3-9b46-431b-9a9b-f9667db8bc25
Verdict: Malicious activity
Analysis date: October 05, 2022, 06:21:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
cve-2022-30190
MIME: application/vnd.openxmlformats-officedocument.wordprocessingml.document
File info: Microsoft Word 2007+
MD5:

52945AF1DEF85B171870B31FA4782E52

SHA1:

06727FFDA60359236A8029E0B3E8A0FD11C23313

SHA256:

4A24048F81AFBE9FB62E7A6A49ADBD1FAF41F266B5F9FEECDCEB567AEC096784

SSDEEP:

192:AEhM7fIUU09264wptGheab8h7Z/c+8poF1d3jvvtl59rGxjPQDasYBcG7h+:AqWfIz092hwLGAabkcfa7pr1lzyxjPQ9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • CVE-2022-30190 detected

      • WINWORD.EXE (PID: 2216)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.docx | Word Microsoft Office Open XML Format document (52.2)
.zip | Open Packaging Conventions container (38.8)
.zip | ZIP compressed archive (8.8)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
1
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winword.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2216"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\sample.doc.docx"C:\Program Files\Microsoft Office\Office14\WINWORD.EXEExplorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Word
Version:
14.0.6024.1000
Total events
3 622
Read events
2 924
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
8
Text files
0
Unknown types
2

Dropped files

PID
Process
Filename
Type
2216WINWORD.EXEC:\Users\admin\AppData\Local\Temp\CVRA21C.tmp.cvr
MD5:
SHA256:
2216WINWORD.EXEC:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotmpgc
MD5:A8C9B2AE22E9E14A12CAC23E62FE650D
SHA256:623A530CD7605FDC1EAB5AF17585FB2954A62A296E97EC9951F4B32D9856F481
2216WINWORD.EXEC:\Users\admin\AppData\Local\Temp\{98D7E264-9B12-4EF4-AD05-CCCC93409563}binary
MD5:FD3E7FE6E1F8D0777862DCA4B67D548C
SHA256:CB913D949706A7EC7D2AE39CC5022DE7FEE8CD569E3D61251DB424040ABB0AB3
2216WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSDbinary
MD5:BEBDBB0DB554C7D6D0F7194EE80D1E86
SHA256:6097E1B76AC9C24D5E30D1532B1F33F555EC6C5D1DDA72E14B4E16CCAFEDC69C
2216WINWORD.EXEC:\Users\admin\AppData\Local\Temp\{0136A876-7177-4245-BD62-FCBC87840DBA}binary
MD5:BEBDBB0DB554C7D6D0F7194EE80D1E86
SHA256:6097E1B76AC9C24D5E30D1532B1F33F555EC6C5D1DDA72E14B4E16CCAFEDC69C
2216WINWORD.EXEC:\Users\admin\AppData\Local\Temp\~$mple.doc.docxpgc
MD5:DF71CDFEA07D8F8B13E49BB445F51A3C
SHA256:435CE294A08B691A526459F71FBA2F0F298B83C7979FF69245FB981A0BCB3C7E
2216WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{89548529-B0DF-494C-9D69-EDBC387317B9}.FSDbinary
MD5:BDE2A55436A763504AA35A718B6501E0
SHA256:4768A2D3DCD2C3D864D4C2166A76CB58D636E3C5C269E638501EA1B115CCF1E6
2216WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSDbinary
MD5:FD3E7FE6E1F8D0777862DCA4B67D548C
SHA256:CB913D949706A7EC7D2AE39CC5022DE7FEE8CD569E3D61251DB424040ABB0AB3
2216WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{EF0F9BA4-751E-43FE-8174-5EE3F82CB42A}.FSDbinary
MD5:D9715300C1F6EADB907362ACF2F691B7
SHA256:E8B9F296D3F3DF0BFA10D6E7968B7D390A37781667A38E1D5CBBD715D6D958BE
2216WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSFbinary
MD5:D471A0BB5F0B8A9AC834E0172491B7F9
SHA256:418B6AE0A39787583DCD77DA0ED040F8C3DDA03410E71D04C235EE6E736F298F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
1
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

Domain
IP
Reputation
www.xmlformats.com
malicious

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
sample.doc